Modern field guide to security and privacy

How to build ideal candidates for all those cybersecurity job openings

Tomorrow’s cybersecurity pros don’t grow on trees but we still have to plant the seeds for the next generation

Jon Simon
In this photo taken by Feature Photo Service for IBM: Lauded by the U.S. Department of Education and President Obama, the IBM-inspired P-TECH school in Brooklyn, NY, where teens earn both a community college degree and high school diploma in as little as four years, graduated 27 students last evening at the commencement exercises held by the New York City College of Technology (City University of New York's "City Tech") at Barclays Center in Brooklyn, NY on June 2, 2016. Staring directly at the camera is Elisabel Herrera, one of the 2016 P-TECH graduates, who typically either continue on to four-year colleges or apply for jobs at technology companies like IBM. There are expected to be 60 IBM-inspired P-TECH schools in six states this fall. Nationally, less than 30% of students who enroll in two-year community colleges complete their associate's degree within three years, according to the U.S. Dept. of Education.

What separates a good cybersecurity professional from a great one?

Technical acumen, sure. But there’s something else.

“It comes down to passion and grit,” says Eric Conn, founder and CEO at Leverege, on a webcast on the cybersecurity workforce hosted by Northrop Grumman.

As a cybersecurity expert, Conn is well aware of the shortage of qualified workers in the field – a problem which will only grow, as (ISC)2  predicts there to be 1.5 million unfilled jobs in cybersecurity by 2020.

If searching for passion and grit turns up the great ones, how can companies do more to find the solid workforce that will be the base of their operations for years to come?

Companies who find themselves searching frantically through stacks of resumés, courting a handful of graduates against other companies, or just tearing their hair out at the projected state of the cyberworkforce should be aware of how they can help develop the next generation.

It starts in local communities, says Freeman Hrabowski, President of University of Maryland, Baltimore County. Dr. Hrabowski cites a National Security Agency (NSA) program that teaches computer science to middle school girls, as an example of building a better cybersecurity ecosystem that will promote diversity and innovation.

Investing in school programs, from middle-school all the way through college, serves a threefold purpose: it gives students practical skills they can use in the real world, it helps teachers develop relevant curriculum, and it gives companies an opportunity to connect with the students who will potentially be the future of their business.

As ambitious college students studying cybersecurity can expect multiple job offers with competitive salaries before the end of their senior year, Hrabowski says, investing in them early is key to getting them to pick your company out of the crowd.

When students are at the university, companies and the government can also reach out directly to universities to develop solid pipelines that bring new talent to their doorstep every year.

“Universities have to listen to what companies need and make sure the curriculum is aligned with that,” says Hrabowski. “Give scholarship money, substantive internships. Get [students] to work with decent people that will work with them. Students are impressed by the human spirit. Give them paid work.”

But students receiving multiple job offers before they’ve even graduated only highlights the problem for many companies-- how can they differentiate themselves from a sea of competitors to those already in the job market?

Help to subsidize or completely pay for their employees’ continuing education, says Lauren Mazzoli a UMBC graduate and cyber software engineer at Northrop Grumman. Doing so will keep a workforce sharp (and loyal).

“We’re on a treadmill that’s speeding up every year. Everyone must do continual learning,” adds Conn, who is also a UMBC graduate. “You never stop learning.”

One idea to put this into practice? Rotational programs that ensures no individual spends too many years working on exactly the same problem. Such programs help engineers to move outside of their comfort zones and expand their understanding of the problems facing various divisions within the company.

Whatever approach a company takes to solve the looming cybersecurity workforce problem, they can’t do the all the legwork themselves. They need to find other organizations with which to collaborate.

“It’s essential to have the partnership between educators, government and private sector,” says Mazzoli. “Different mentor programs at job fairs and things like that get students interested.”

If you build these programs, the facts are clear: students will come.

Northrop’s CyberPatriot competition, for example, has grown from 7 teams at its first event in 2009, to more than 3,000 registered teams in the 2015-2016 competition. (The program also has a number of mentors that participate, helping the students to solve problems and give them a taste of what it means to be a professional).

It will take a considerable long-term investment from the public and private sectors as well as the academic community to build the next generation of workers. Encouraging kids to take an interest in cybersecurity and giving them the means to do so is the surest way to develop the talent that a company would want on their team.

And the stars? You’ll know them by their grit.

“We have to stop thinking ‘these kids are good at math and science, and these [students] are not’. We [at UMBC] use the word ‘grit’…It’s about how hard you are willing to work, to ask questions, to get involved, to get help,” says Hrabowski.

of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.